Accepting request 764572 from Base:System

- Looks like libseccomp filter stumble over decompressors like
  xz (without liblmza) or zstd hence disable it (boo#1160649)
- Require at build devel packages for liblzma and libbz2

- file-5.38-allow-readlinkat.dif: allow readlinkat() systemcall,
  reenable sandboxing. (bsc#1160303)

- Currently file command receives SIGSYS/31 with sandboxing enabled
  via libseccomp

OBS-URL: https://build.opensuse.org/request/show/764572
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/file?expand=0&rev=117

file-5.38-allow-readlinkat.dif

@@ -0,0 +1,14 @@
+Index: file-5.38/src/seccomp.c
+===================================================================
+--- file-5.38.orig/src/seccomp.c
++++ file-5.38/src/seccomp.c
+@@ -202,6 +202,9 @@ enable_sandbox_full(void)
+ #ifdef __NR_newfstatat
+ 	ALLOW_RULE(newfstatat);
+ #endif
++#ifdef __NR_readlinkat
++	ALLOW_RULE(readlinkat);
++#endif
+ 	ALLOW_RULE(open);
+ 	ALLOW_RULE(openat);
+ 	ALLOW_RULE(pread64);

file.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Wed Jan 15 09:17:43 UTC 2020 - Dr. Werner Fink <werner@suse.de>
+
+- Looks like libseccomp filter stumble over decompressors like
+  xz (without liblmza) or zstd hence disable it (boo#1160649)
+- Require at build devel packages for liblzma and libbz2
+
+-------------------------------------------------------------------
+Wed Jan  8 13:55:46 UTC 2020 - Marcus Meissner <meissner@suse.com>
+
+- file-5.38-allow-readlinkat.dif: allow readlinkat() systemcall,
+  reenable sandboxing. (bsc#1160303)
+
+-------------------------------------------------------------------
+Tue Jan  7 11:22:04 UTC 2020 - Dr. Werner Fink <werner@suse.de>
+
+- Currently file command receives SIGSYS/31 with sandboxing enabled
+  via libseccomp
+
 -------------------------------------------------------------------
 Fri Dec 20 14:00:22 UTC 2019 - Dr. Werner Fink <werner@suse.de>
 

file.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package file
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,6 +23,8 @@ Name:           file
 BuildRequires:  bash >= 4.0
 BuildRequires:  libtool
 BuildRequires:  zlib-devel
+BuildRequires:  pkgconfig(bzip2)
+BuildRequires:  pkgconfig(liblzma)
 BuildRequires:  pkgconfig(libseccomp)
 URL:            http://www.darwinsys.com/file/
 # bug437293
@@ -64,6 +66,7 @@ Patch34:        file-5.23-endian.patch
 Patch35:        file-5.24-nitpick.dif
 Patch37:        file-secure_getenv.patch
 Patch39:        file-5.28-btrfs-image.dif
+Patch40:        file-5.38-allow-readlinkat.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir /etc
 %global         _miscdir    %{_datadir}/misc
@@ -129,6 +132,7 @@ to develop applications that require the magic "file" interface.
 %patch35 -p0 -b .nitpick
 %patch37 -p1 -b .getenv
 %patch39 -p1 -b .btrfs
+%patch40 -p1 -b .readlinkat
 %patch -b .0
 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
 rm -fv src/magic.h
@@ -140,7 +144,10 @@ rm -f Magdir/*,v Magdir/*~
 rm -f ltcf-c.sh ltconfig ltmain.sh
 autoreconf -fiv
 export CFLAGS="%{optflags} -DHOWMANY=69632 -fPIE $(pkg-config libseccomp --cflags)"
-%configure --disable-silent-rules --datadir=%{_miscdir} --disable-static --enable-fsect-man5
+%configure --disable-silent-rules --datadir=%{_miscdir} \
+	--disable-static \
+	--disable-libseccomp \
+	--enable-fsect-man5
 make %{?_smp_mflags} pkgdatadir='$(datadir)' LDFLAGS="-pie"
 
 %install

python-magic.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-magic
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed